System operations on entities
A user can see a menu (or specific entries in it) only if they have the corresponding operation permissions. The same permissions are needed to use the operation. A system operation with the OSUB_ prefix is in place for each of the entries in the left panel menu.
A user sees an entry only if the specific operation permission has been granted to them.
Since version 10.2.4, there is an ESS Configuration Administrator role. This role has EXECUTE permissions to all system operations related to entity configuration.
The same OSUB_xxx permissions are granted to the Configuration Administrator role and the ffs_system_account user.
The GRANT and REVOKE permissions to OSUB_xxx operations are granted to the Security Administrator role and the ffs_system_account user.
In new installations, the admin user receives the ESS Configuration Administrator role automatically.
The class \FS\DG\Constants\OSubAdministrationPages has been created. It contains the page identifiers used within entity administration. It also contains translation arrays that specify which operation has to be tested to decide the visibility of each administration page; see the method \FS\DG\Constants\OSubAdministrationPages::getPage2ID_OPERArray().
The method \FS\DG\Constants\OSubAdministrationPages::getID_OPERForPage(string $page_identifier): int returns the ID_OPER of the operation to be used to determine visibility of the page with $page_identifier.
The class \FS\DG\Authorizators\OSubAdministrationAuthorizator has been created. It can be used to get administration page visibility without knowing the operation-to-page mapping.
The method public function canViewOSubAdministrationPage(?int $id_user, string $osub_page_identification): bool returns the visibility of the page with identification $osub_page_identification for user $id_user.
The method public function filterVisibleOSubAdministrationPages(?int $id_user, array $osub_page_identification_array): array filters the array $osub_page_identification_array, which contains the identifiers of entity administration pages, and returns the identifiers of the pages that user $id_user is authorized to see.
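The page-to-operation lookup and the two visibility methods described above can be modelled as follows. This is an added, self-contained example, not the product's code: the page identifiers, the EXECUTE_GRANTS sample data, and the functions canViewPage, filterVisiblePages and handleAdminRequest are hypothetical stand-ins, and denying a null user or an unmapped page is an assumption of the sketch. It also applies the same check in the request handler, so that a hidden menu entry cannot be reached by calling the page directly.

```php
<?php
declare(strict_types=1);

// Operation IDs as listed on this page (\FS\XG\Constants\OPER).
const OSUB_ENTITIES = 113;
const OSUB_CERTIFICATES = 118;
const OSUB_PERMISSIONS_TO_GRANT = 136;

// Hypothetical page identifiers; the real ones are in OSubAdministrationPages.
const PAGE_TO_OPER = [
    'entities'     => OSUB_ENTITIES,
    'certificates' => OSUB_CERTIFICATES,
    'grant_perms'  => OSUB_PERMISSIONS_TO_GRANT,
];

// Constructed sample data: user ID => operation IDs with EXECUTE granted.
const EXECUTE_GRANTS = [
    10 => [OSUB_ENTITIES, OSUB_CERTIFICATES, OSUB_PERMISSIONS_TO_GRANT],
    20 => [OSUB_ENTITIES],
];

/** Stand-in visibility check: deny unless the mapped operation is granted. */
function canViewPage(?int $idUser, string $page): bool
{
    // Assumption of this sketch: no user or an unmapped page means "hidden".
    if ($idUser === null || !array_key_exists($page, PAGE_TO_OPER)) {
        return false;
    }
    return in_array(PAGE_TO_OPER[$page], EXECUTE_GRANTS[$idUser] ?? [], true);
}

/** Stand-in filter: keeps only the identifiers the user may see, in order. */
function filterVisiblePages(?int $idUser, array $pages): array
{
    return array_values(array_filter(
        $pages,
        static fn (string $p): bool => canViewPage($idUser, $p)
    ));
}

/** Handler guard: the check that hides the menu entry also gates the action. */
function handleAdminRequest(?int $idUser, string $page): int
{
    return canViewPage($idUser, $page) ? 200 : 403;
}

$menu = ['entities', 'certificates', 'grant_perms', 'unknown_page'];
var_dump(filterVisiblePages(10, $menu));          // menu for user 10
var_dump(filterVisiblePages(20, $menu));          // menu for user 20
var_dump(handleAdminRequest(20, 'certificates')); // direct request, no grant
var_dump(handleAdminRequest(null, 'entities'));   // no authenticated user
```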
Starting with version 10.2.4, the following system operations are introduced:
- SUBJECT_ENTITIES (Entities)
- SUBJECT_DATAMAILBOX_SETTINGS (Data mailbox settings)
- SUBJECT_MAIL-SETTINGS (Mail settings)
- SUBJECT_GROUP_AND_USERS (Groups and users)
- SUBJECT_DEFAULT_VALUES (Default values)
- SUBJECT_CERTIFICATES (Certificates)
- SUBJECT_UIN (UID)
- SUBJECT_REFERENCE_NUMBER (Reference number)
- SUBJECT_ORG_UNIT (Organizational units)
- SUBJECT_SECURITY_CATEGORY (Security categories)
- SUBJECT_RETENTION_POLICY (Retention policy)
- SUBJECT_TRIGGER_EVENTS (Trigger events)
- SUBJECT_FILE_PLAN (File plan)
- SUBJECT_DOCUMENT_PROCESSING (Document processing)
- SUBJECT_DOCUMENT_CATEGORY (Message categories)
- SUBJECT_PROCESSES (Processes)
- SUBJECT_COMMUNICATION_PLAN (Communication plan)
- SUBJECT_MESSAGES_READING (Reading messages)
- SUBJECT_MESSAGES_SENDING (Sending messages)
- SUBJECT_SENDER_GROUPS (Sender groups)
- SUBJECT_MESSAGE_SORTING_RULES (Message sorting rules)
- SUBJECT_NOTIFICATIONS (Notifications)
- SUBJECT_LABELS (Labels)
- SUBJECT_PERMISSIONS_TO_GRANT (Grant permissions)
- SUBJECT_PERMISSIONS_TO_TAKEOVER (Takeover permissions)
- SUBJECT_HYBRID_MAIL (Hybrid mail)
- SUBJECT_OUTPUT_DATA_FORMATS (Output data formats).
The operations are created in database schema 1533 and are defined as constants in the class \FS\XG\Constants\OPER:
/** Entities */
public const OSUB_ENTITIES = 113;
/** Entities – Data mailbox settings */
public const OSUB_DATAMAILBOX_SETTINGS = 114;
/** Entities – Mail settings */
public const OSUB_MAIL_SETTINGS = 115;
/** Entities – Groups and users */
public const OSUB_GROUPS_AND_USERS = 116;
/** Entities – Default values */
public const OSUB_DEFAULT_VALUES = 117;
/** Entities – Certificates */
public const OSUB_CERTIFICATES = 118;
/** Entities – UID */
public const OSUB_UID = 119;
/** Entities – Reference number */
public const OSUB_REFERENCE_NUMBER = 120;
/** Entities – Organizational units */
public const OSUB_ORG_UNITS = 121;
/** Entities – Security categories */
public const OSUB_SECURITY_CATEGORIES = 122;
/** Entities – Retention policy */
public const OSUB_SHREDDING_POLICY = 123;
/** Entities – Trigger events */
public const OSUB_TRIGGER_EVENTS = 124;
/** Entities – File plan */
public const OSUB_FILE_PLAN = 125;
/** Entities – Document processing */
public const OSUB_DOCUMENT_PROCESSING = 126;
/** Entities – Message categories */
public const OSUB_DOCUMENT_CATEGORY = 127;
/** Entities – Processes */
public const OSUB_PROCESSES = 128;
/** Entities – Communication plan */
public const OSUB_COMMUNICATION_PLAN = 129;
/** Entities – Reading messages */
public const OSUB_MESSAGES_READING = 130;
/** Entities – Sending messages */
public const OSUB_MESSAGES_SENDING = 131;
/** Entities – Sender groups */
public const OSUB_SENDER_GROUPS = 132;
/** Entities – Message sorting rules */
public const OSUB_MESSAGE_SORTING_RULES = 133;
/** Entities – Notifications */
public const OSUB_NOTIFICATIONS = 134;
/** Entities – Labels */
public const OSUB_LABELS = 135;
/** Entities – Grant permissions */
public const OSUB_PERMISSIONS_TO_GRANT = 136;
/** Entities – Takeover permissions */
public const OSUB_PERMISSIONS_TO_TAKEOVER = 137;
/** Entities – Hybrid mail */
public const OSUB_HYBRID_MAIL = 138;
/** Entities – Output data formats */
public const OSUB_OUTPUT_DATA_FORMATS = 139;